[Freeipa-devel] [PATCH 0236] ipaldap: Fallback to string if datetime conversion went wrong
Petr Viktorin
pviktori at redhat.com
Thu Jun 26 08:39:04 UTC 2014
On 06/26/2014 10:33 AM, Jan Cholasta wrote:
> On 26.6.2014 09:40, Petr Viktorin wrote:
>> On 06/26/2014 09:33 AM, Jan Cholasta wrote:
>>> On 26.6.2014 09:21, Petr Viktorin wrote:
>>>> On 06/26/2014 08:30 AM, Jan Cholasta wrote:
>>>>> On 25.6.2014 18:25, Petr Viktorin wrote:
>>>>>> On 06/25/2014 05:29 PM, Jan Cholasta wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> On 25.6.2014 17:17, Tomas Babej wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Our datetime conversion does not support full LDAP Generalized
>>>>>>>> time syntax. In the unsupported cases, we should fall back
>>>>>>>> to string representation of the attribute.
>>>>>>>>
>>>>>>>> In particular, '0' is used to denote no value of LDAP generalized
>>>>>>>> time attribute.
>>>>>>>>
>>>>>>>> https://fedorahosted.org/freeipa/ticket/4350
>>>>>>>
>>>>>>> NACK, this beats the purpose of decoding of the values, because it
>>>>>>> requires you to check the type of the value before using it.
>>>>>>>
>>>>>>> Instead, you should either fix the code that uses the
>>>>>>> nsds5ReplicaLastUpdate{Start,End} attributes to access their raw
>>>>>>> value
>>>>>>> directly, or exclude the attributes from decoding to datetime by
>>>>>>> overriding their type in IPASimpleLDAPObject._SYNTAX_OVERRIDE.
>>>>>>>
>>>>>>> Honza
>>>>>>>
[...]
>>
>> The problem is that "unset" is a valid value here,
>
> It is not, according to Generalized Time syntax (RFC 4517 section
> 3.3.13) "0" is an invalid value and we should treat it the same way as
> any other invalid value (hence my original suggestion).
OK, in that case ignore what I said here.
So am I correct that 389-ds storing a value that doesn't comply with the
attribute's syntax? Should we file a DS bug?
--
Petr³
More information about the Freeipa-devel
mailing list